Forum Discussion

Mike_Graston_10
Feb 22, 2007

restricting source IP's based on uri content

All,

 

 

I have been racking my brain for two days now and have read back on this list since the middle of last year, and I still can't figure out how to combine two pieces of logic with an and statement. I have set up a data class for allowed IP addresses and also filtered on a string in a URI, but I need to do them both. I have the below script and continually get syntax errors. I tried it about 100 times.

 

 

when CLIENT_ACCEPTED {
    if { [string tolower [HTTP::uri]] contains "login"} {
        if { not [matchclass [IP::client_addr] eq [$::private_IP]]} {
            discard}
}

 

Seems simple enough. I tried using an and command and an or, which won't help. What I need is for any request going to my login.asp page to be allowed only from my internal addresses defined in my private_IP pool. Any help at this point would be appreciated!

3 Replies

  • Depending on how flexible your network is, maybe you don't need an iRule at all. How about simply allowing only requests coming from the 'internal' VLAN access to the VIP? Screen cap attached.

     

     

  • Guys, thanks for the replies. The VS needs to be available to everyone as it houses a portal. I did take the script and got it to load, but I am waiting for a change window to implement and test. Should it pick up my data group automatically, or is there something I need to do first? I have never used a data group. Thanks for the assistance, I am one step closer....

     

  • If you've defined your data group already, the rule will be able to reference it. If you made the changes via the GUI, you don't need to do anything to initialize them.

     

     

    Aaron
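
The combined check the question asks for, as an added example that is not part of the original thread and not any poster's code. It assumes an address-type data group named private_IP (the name used in the question) already exists; the log message text and the use of reject instead of discard are choices made for this example.

```tcl
# Added example: restrict the login page to addresses in the private_IP
# data group while leaving the rest of the virtual server open.
when HTTP_REQUEST {
    # HTTP::uri and HTTP::path only exist once the HTTP request has been
    # parsed, so the test belongs in HTTP_REQUEST, not CLIENT_ACCEPTED.
    # HTTP::path leaves out the query string, so a parameter such as
    # "?next=login" on another page does not trigger the restriction.
    # URI::decode is applied first so percent-encoded spellings of the
    # page name are compared in their decoded form.
    set path [string tolower [URI::decode [HTTP::path]]]

    # Both conditions in one expression, joined with "and":
    #   1. the requested path refers to the login page
    #   2. the client address is NOT a member of the data group
    # matchclass takes the item, an operator, and the class variable;
    # the class is referenced as $::private_IP without extra brackets.
    if { ($path contains "login") and not [matchclass [IP::client_addr] equals $::private_IP] } {
        # Record the denied request so blocked attempts can be reviewed.
        log local0. "login page denied for [IP::client_addr]: [HTTP::uri]"
        # Reset the connection; everything else passes through untouched.
        reject
    }
}
```

On later TMOS versions the same membership test is written as `class match [IP::client_addr] equals private_IP`.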